Computing system and method of operating computing system

ABSTRACT

A computing system including a memory that is shared by a plurality of components of the computing system in order to exchange data between the plurality of components; and a controller configured to control the plurality of components to encrypt the data and to record the encrypted data in the memory.

CROSS-REFERENCE TO RELATED PATENT APPLICATION

This application claims priority from Korean Patent Application No.10-2011-0087196, filed on Aug. 30, 2011 in the Korean IntellectualProperty Office, the disclosure of which is incorporated herein in itsentirety by reference.

BACKGROUND

1. Field

Systems and methods consistent with exemplary embodiments relate to acomputing system and a method of operating the computing system, andmore particularly, to a computing system for protecting data in a sharedmemory and a method of operating the computing system.

2. Description of the Related Art

In an open platform environment where independent inventors can developand register applications other than operating systems, there is anincreasing need to ensure secure platforms for safely protectingcontent.

In order to safely provide content from a source device to a targetdevice, conventional content protecting technologies such as digitalrights management (DRM) or link protection has been used.

However, end-to-end protection has not been considered for theseconventional content protecting technologies. For example, when DRM isreleased before audio/video (AV) content to which the DRM is applied isused in a target device, the AV content is temporally decrypted in thetarget device. In this case, external attackers may illegally copy theAV content.

SUMMARY

One or more exemplary embodiments provide a computing system forprotecting data in a shared memory and a method of operating thecomputing system.

According to an aspect of an exemplary embodiment, there is provided acomputing system including a memory that is shared by a plurality ofcomponents of the computing system in order to exchange data between theplurality of components; and a controller configured to control theplurality of components to encrypt the data and to record the encrypteddata in the memory.

According to an aspect of another exemplary embodiment, there isprovided a method of operating a computing system, the method includingencrypting data when a memory is shared by a plurality of components ofthe computing system in order to exchange data between the plurality ofcomponents; and recording the encrypted data in the memory.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other aspects will become more apparent by describing indetail exemplary embodiments with reference to the attached drawings inwhich:

FIG. 1 is a block diagram of a computing system according to anexemplary embodiments;

FIG. 2 is a schematic diagram for explaining an operation of a computingsystem, according to an exemplary embodiments;

FIG. 3 is a detailed diagram for explaining an operation of a computingsystem, according to another exemplary embodiments;

FIGS. 4A and 4B show data structures, according to an exemplaryembodiments;

FIGS. 5A and 5B show data structures that are protected on a path from apoint of time when commercial DRM is released to a point of time whendata is rendered; and

FIG. 6 is a flowchart of a method of operating a computing system,according to another exemplary embodiment.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

While describing the exemplary embodiments, detailed descriptions aboutrelated well-known functions or configurations that may diminish theclarity of certain aspects of the exemplary embodiments are omitted.

Terms or words used herein shall not be limited to having common ordictionary meanings, and may have meanings corresponding to technicalaspects of the exemplary embodiments so as to most suitably describe theexemplary embodiments.

Reference will now be made in detail to various embodiments, examples ofwhich are illustrated in the accompanying drawings.

FIG. 1 is a block diagram of a computing system 100 according to anexemplary embodiments

Referring to FIG. 1, the computing system 100 includes a processor 110and a memory 120.

The processor 110 that is also referred to as an application processor110 includes a controller 130 and first and second components 140 and150 of the computing system 100.

The first and second components 140 and 150 of the computing system 100perform a function of a graphic processing unit (GPU). For convenienceof illustration, only the first component 140 and the second component150 are shown in FIG. 1. However, it will be understood that at leasttwo components that are separated in units of function blocks may beused or alternatively, a single combined component performing variousfunctions may be used.

The memory 120 is a shared local memory that is shared by the first andsecond components 140 and 150 of the computing system 100 in order toexchange data therebetween. An example of the memory 120 includes adouble data rate (DDR) memory, but is not limited thereto.

The controller 130 is a device for controlling the computing system 100.The controller 130 controls a series of operations of receiving datafrom various input devices, processing the data, and then transmitting aresult to an output device. That is, the controller 130 serves as a hostcentral processing unit (CPU). Operation of the controller 130 will nowbe described.

First data of the first component 140 is decryption state data.

It is assumed that the first data of the first component 140 istransmitted to the second component 150 through the memory 120 ratherthan being used in the first component 140 or being transmitted to anexternal device.

In this case, the controller 130 controls the first component 140 toapply a protection technology according to the exemplary embodiment tothe first data so as to generate second data that is encryption statedata. The protection technology according to the present exemplaryembodiment is a predetermined encryption/decryption technology that isdetermined between the first and second components 140 and 150 in orderto protect data and will be referred to as a ‘first protectiontechnology’. In this case, according to the present exemplaryembodiment, the first component 140 and the second component 150 mayshare a shared key for applying or releasing the first protectiontechnology.

In the first protection technology, encryption is not performed on alldata, but instead, encryption/decryption is performed on a predeterminedregion of a payload of data. A data structure for applying the firstprotection technology will be described later below with reference toFIGS. 4A and 4B.

Then, the controller 130 transmits the second data from the firstcomponent 140 to the memory 120.

Then, the controller 130 transmits the second data from the memory 120to the second component 150.

The second component 150 generates the first data that is decryptionstate data in which the first protection technology is released. Thesecond component 150 performs a unique data processing function on thefirst data. For example, when the second component 150 is a renderer,the second component 150 may perform rendering so as to display thefirst data on a display unit (not shown).

FIG. 2 is a schematic diagram for explaining an operation of a computingsystem 100 a, according to an exemplary embodiment.

The computing system 100 a includes a memory 120 a, a controller 130 a,a security unit 140 a, and a display controller 150 a. For convenienceof description, only the security unit 140 a and the display controller150 a are exemplified as components of the computing system 100 a.However, the computing system 100 a may include various other componentsthat perform a function of a GPU.

The controller 130 a receives data that is encrypted by using digitalrights management (DRM) from a source device (not shown) and stores thedata in the memory 120 a. According to the present exemplary embodiment,the DRM is exemplified as an external protection technology. However,the external protection technology may include various link protectiontechnologies such as digital transmission content protection (DTCP) andhigh bandwidth digital content protection (HDCP), which allow digitalcontent to be transmitted to reliable devices only.

Then, the controller 130 a transmits the DRM encrypted data from thememory 120 a to the security unit 140 a (which is also referred to as asecurity subsystem). The security unit 140 a decrypts the DRM encrypteddata. Then, the security unit 140 a generates re-encrypted data byencrypting the DRM decrypted data again by using the first protectiontechnology. In this case, the data may be audio/video (AV) data, but isnot limited thereto.

Then, the controller 130 a transmits the re-encrypted data from thesecurity unit 140 a to the memory 120.

Accordingly, in the memory 120 a, although the DRM encrypted data isdecrypted, the data that is re-encrypted by using the first protectiontechnology is present. Thus, even if malware accesses the memory 120 aso as to capture data, it is impossible to illegally use the data.

Conventionally, during an AV processing process, since DRM encrypteddata is temporally decrypted and exposed to outside a computing system,malware may access the data. However, according to the present exemplaryembodiment, this problem may be overcome.

Then, the controller 130 a transmits the re-encrypted data from thememory 120 a to the display controller 150 a.

The display controller 150 a decrypts the re-encrypted data, decodes thedecrypted data, renders the decoded data, and outputs the rendered dataon a display unit (not shown).

As a result, the computing system 100 has the following advantages.

First, data may be protected by using a simple method in order to ensurea secure environment without complicated virtualization technology orheavy hardware.

Second, content may be protected by using hardware-based end-to-endprotection technology rather than being dependent upon contentprotection technology based on a software (S/W) solution. In addition,the first protection technology is applied from a point of time whencommercial DRM is released just before the rendering is performed.

Third, data that needs to be protected when being stored in the memory120 is encrypted by using the first protection technology. Thus, even ifmalware present in the controller 130 accesses the memory 120 andillegally copies data, the data cannot be reproduced.

Fourth, a security level may be increased by using conventional contentprotection technologies with the first protection technology. Forexample, the first protection technology may be easily combined with acommercial DRM solution. That is, since the first protection technologymay be applied to the memory 120 without being dependent upon thecommercial DRM solution, the first protection technology may be easilycombined with the commercial DRM solution.

Fifth, in an environment in which circulation markets of premium contentare spread out, AV content having high image quality, such as 1080P, maybe more easily ensured.

In addition, the computing system 100 may be used in a premium contentstreaming service of a mobile device, a premium content streamingservice of internet protocol television (IPTV) and smart TV, and apremium content streaming service of a set-top box (STB).

FIG. 3 is a detailed diagram for explaining an operation of a computingsystem 100 b, according to another exemplary embodiment.

Referring to FIG. 3, a controller 130 b, a security unit 140 b, arendering unit 350, and a codec unit 340 share data with each otherthrough a memory 120 b and perform respective functions to perform adata processing process.

For convenience of description, the security unit 140 b, the renderingunit 350, and the codec unit 340 are exemplified as components of thecomputing system 100 b. However, the computing system 100 b may includevarious components for performing a function of a GPU.

The first protection technology may be embodied in the components of thecomputing system 100 b, except for the controller 130 b, that is, in thememory 120 b, the security unit 140 b, the rendering unit 350, and thecodec unit 340.

Data structures 320, 320 a, 330, and 330 a to which the first protectiontechnology is applied are illustrated to have a slash pattern and a dotpattern. In this case, the same patterns have the same protectionparameters and different patterns have different protection parameters.Throughout this specification, protection, crypto, andencryption/decryption have the same meaning.

In FIG. 3, ‘Crypto’ refers to a crypto engine for performingencryption/decryption. ‘Enc’ and the ‘Dec’ that are indicated below‘Crypto’ refer to encryption and decryption functions performed by thecrypto engine. According to the present exemplary embodiment, the cryptoengine may have a relatively small size and a high speed.

The controller 130 b generates a data structure including a header and apayload in order to apply the first protection technology to data andpacketizes the data structure.

Numbers {circle around (1)}, {circle around (2)}, {circle around (3)},and {circle around (4)} in the data structures in the memory 120 b referto numbers of components of the computing system 100 b, which are 130 b,140 b, 340, 350 that access the data structures in the memory 120 b, inFIG. 3.

That is, the controller 130 b and the security unit 140 b access thedata structure 310. The controller 130 b, the security unit 140 b, andthe codec unit 340 access the data structure 320. The controller 130 b,the codec unit 340, and the rendering unit 350 access the data structure330.

First, the controller 130 b stores the data structure 310 that isencrypted by using DRM in the memory 120 b.

Then, the controller 130 b transmits the data structure 310 from thememory 120 b to the security unit 140 b.

Then, the security unit 140 b decrypts the data structure 310 andgenerates the data structure 320 by re-encrypting the data structure 310a as a first protection parameter.

Then, the controller 130 transmits the data structure 320 that isre-encrypted as the first protection parameter from the security unit140 b to the memory 120 b.

Then, the controller 130 transmits the data structure 320 from thememory 120 b to the codec unit 340.

Then, the codec unit 340 decrypts the data structure 320. The codec unit340 decodes the data structure 320 a and generates the data structure330 by re-encrypting the data structure 320 a as a second protectionparameter.

Then, the controller 130 b transmits the data structure 330 that isre-encrypted as the second parameter from the codec unit 340 to thememory 120 b.

Then, the controller 130 b transmits the data structure 330 to therendering unit 350. The rendering unit 350 decrypts the data structure330. The rendering unit 350 renders the data structure 330 a anddisplays the data structured 330 a on a display unit 360.

With reference to FIGS. 4A and 4B, a data structure that is illustratedin order to apply the first protection technology will now be described.

According to the present exemplary embodiment, the data structure thatis adapted in order to apply the first protection technology includes anencryption/decryption (Enc/Dec) header, and an encryption/decryption(Enc/Dec) payload.

The Enc/Dec payload includes an elementary stream (ES) header and apacketized elementary stream (PES) payload. Throughout thisspecification, the ‘header’ and the ‘payload’ refer to an Enc/Dec Headerand an Enc/Dec payload, which are formed by using the first protectiontechnology. The PES payload is just an example, and thus the exemplaryembodiments are not limited thereto. The PES may be of another transportprotocol packet type.

The ES header is a header that is formed when original AV data iscompressed by a codec and is generated from an upper AV protocol. Inorder to transmit an ES packet, an AV container such as AV1, MP2, WMA,or the like may be used.

For example, since the ES header includes information that is requiredto perform rending, the ES header is not encrypted and remains as plaintext.

The ES header is formed by an upper layer and is a portion that cannotbe controlled by using the first protection technology. On the otherhand, the Enc/Dec header is formed by using the first protectiontechnology.

Referring to FIG. 4A, a dot pattern of a payload indicates an encrypteddata segment. A slash pattern indicates a segment that is not encryptedfor a final block if misalignment occurs.

Two functions of data structures according to the exemplary embodimentswill now be described.

With regard to a first function, a header of the data structure includesrelevant information indicating a range of encryption/decryption inorder to perform encryption/decryption by using the first protectiontechnology.

With regard to a second function, according to the exemplaryembodiments, when encryption/decryption is performed in units of blocks,misalignment is liked to occur by 128 bits. For reference, whenencryption is performed in units of blocks, only data with apredetermined length may be input. Encryption is not performed on a lastdata portion where the misalignment occurs. In this case, the header ofthe data structure includes position information indicating a positionfrom where encryption/decryption is not performed.

With reference to FIGS. 4A and 4B, an example of a data structure forperforming the above-described two functions will now be described.

First, with reference to FIG. 4A, the first function of the datastructure will be described.

‘Len’ indicates a payload length of the data structure that is definedaccording to the exemplary embodiments.

‘A/V’ indicates an identifier indicating whether a payload indicatesaudio data or video data.

‘ULH IDC’ indicates an identifier indicating whether upper layer headersto which encryption/decryption should not be applied are present in thepayload.

‘ULH Len’ indicates a range (length) of a region to whichencryption/decryption should not be applied when the upper layer headersto which encryption/decryption should not be applied are present in thepayload.

With reference to FIGS. 4A and 4B, the second function of the datastructure will be described.

‘St.Ctr’ is a first counter (CTR) number of the payload and is used asan input during encryption/decryption.

A data protection function may be further strengthened by adding acounter value in addition to a key value, as an input of the cryptoengine (refer to FIG. 3)

‘# of MA offset’ indicates the number of blocks to whichencryption/decryption should not be applied from among all payloads dueto misalignment from “St. Ctr”. For example, according to the exemplaryembodiments, the misalignment indicates that targets ofencryption/decryption do not have 128 bits, but is not limited thereto.

For example, since FIG. 4B shows “# of MA offset==3”, it may be seenthat three regions 21, 26, and 30 are white except for the ES header.The three white regions 21, 26, and 30 are regions to whichencryption/decryption should not be applied.

With regard to ‘MaCtr/Valid’, the misalignment may be traced by adding avalue ‘MaCtr’ and a value of ‘St.Ctr’.Misalignment Position=St .Ctr+Ma Ctr  (1)

For example, referring to FIG. 4B, the regions 21, 26, and 30 that aremisaligned may be traced according to equations 18+3, 18+8, and 18+12,respectively.

‘Valid’ indicates the number of bytes to which encryption/decryption isnot applied in the calculated MaCtr block.

For example, referring to FIG. 4B, the concept that Valid of the region21 is 1 indicates that encryption/decryption is not applied to 1 byteonly. With regard to the region 26, encryption/decryption is not appliedto 8 bytes. With regard to the region 30, encryption/decryption is notapplied to 6 bytes. Encryption/decryption is not applied as long asdifferent lengths of white regions have different lengths in the regions21, 26, and 30.

FIGS. 5A and 5B show data structures that are protected on a path from apoint of time when commercial DRM is released to a point of time whenrendering is performed on data. FIGS. 5A and 5B are based on the datastructure of FIG. 4A.

Referring to FIG. 5A, a data structure 510 is encrypted by using thecommercial DRM 515.

A data structure 520 is decrypted by a commercial DRM decrypter.

A data structure 530 is formed by an upper layer header (UL_HDR) parser& first encrypter 525, which parses header information of the datastructure 520 and performs first encryption on a payload in apredetermined encryption range based on the header information.

For example, with regard to the data structure 530, when a header therightmost data structure is referred to, since MA offset==1, it may beseen that a single region is white except for the ES header. The whiteregion is a region to which encryption/decryption should not be applied.

In addition, Misalignment Position=St.Ctr+MaCtr=18+4=22.

Since Valid=8, encryption/decryption is not applied to 8 bytes in thecalculated MaCtr block.

A security unit 140 may include a commercial DRM decrypter 515 and theUL_HDR parser & first encrypter 525.

A data structure 540 is a data structure formed by aggregating a headerand payload packets of the data structure 530. For example, in order tocollect PES packets to form a single ES packet prior to AV decoding, amedia player (MP) of the controller 130 b (refer to FIG. 3) mayaggregate the PES packets.

When a transmission side finely divides an ES packet in order totransmit the ES packet, the divided packets need to be aggregated priorto decoding of the divided packets. Thus, if the ES packet itself isencrypted and transmitted without being divided by the transmissionside, the data structure 540 may be omitted. A data structure 550 is adata structure formed by the UL_HDR parser & first decrypter 545, whichparses header information of the data structure 540 and performs firstdecryption on a payload in a predetermined decryption range based on theheader information.

Referring to FIG. 5B, a data structure 560 is formed by a decoder 555decoding the data structure 550.

A data structure 570 is a data structure formed by a second encrypter565 performing second encoding on a payload in a predeterminedencryption range based on header information of the data structure 560.

The codec unit 340 may include the UL_HDR parser & first decrypter 545and the decoder 555.

A data structure 580 is a data structure formed by a second decrypter575 performing second decryption on the data structure 570.

The decrypted data structure 580 is rendered and displayed on a displayunit 360.

The rendering unit 350 may include the second decrypter 575 and arenderer 575.

FIG. 6 is a flowchart of a method of operating a computing system 100,according to another exemplary embodiment. The operation of FIG. 6 isthe same as the operation of the computing system 100 described withreference to FIG. 1 and thus, will be simply described.

In operation 610, when components of the computing system 100 share thememory 120 in order to exchange data therebetween, the controller 130controls the components to encrypt data. For example, when data istransmitted from the first component 140 to the second component 150through the memory 120, the controller 130 controls the first component140 to encrypt decrypted data.

In operation 620, the controller 130 controls the components to recordthe encrypted data in the memory 120. For example, the controller 130controls the first component 140 to record the encrypted data in thememory 120.

With reference to FIGS. 2 through 4A, a method of protecting data on theshared memory 120 of the computing system 100 according to a singlescenario according to an exemplary embodiment will now be described. Anexample of the computing system 100 may include a display device.Hereinafter, it is assumed that a data structure according to thescenario indicates the data structure described with reference to FIG.4A.

The computing system 100 stores, in the memory 120, encrypted data thatis safely received by using content protection technology (hereinafter,referred to as external protection technology) determined between thecomputing system 100 and a source device (not shown).

Then, the controller 130 generates the data structure before theexternal protection technology is released and fills a payload of thedata structure with the data in which the external protection technologyis released.

Then, the controller 130 controls the security unit 140 a to release theexternal protection technology and to perform packetization on the datastructure. The security unit 140 a performs encryption/decryption basedon header information of the data structure.

Then, a media player (MD) operating in the controller 130 controls ademultiplexer (DEMUX) to decode the payload of the data structurerecovered from the security unit 140 a.

Since the computing system 100 is designed so that a portion that isrequired to be referred to is not encrypted from among an encryptedpayload in the data structure, the DEMUX has no problem when performingoperations. However, since other remaining payloads themselves areencrypted, the other remaining payloads are safe from external attacks.

The media player (MD) calls the codec unit 340.

The codec unit 340 decrypts the encrypted data structure and decodes thedecrypted data structure.

After the data is decoded, just before the data is written in the memory120, the codec unit 340 applies the first protection technology toencrypt the decoded data structure and records the encrypted datastructure in the memory 120.

The media player (MD) calls the rendering unit 350.

The rendering unit 350 decrypts the encrypted data structure and rendersthe encrypted data structure.

The exemplary embodiments can also be implemented as computer readablecodes on a computer readable recording medium. The computer readablerecording medium is any data storage device that can store programs ordata which can be thereafter read by a computer system.

The computer readable codes are configured to perform methods ofrecording and reproducing an image according to the exemplaryembodiments when being read and executed by a processor. The computerreadable codes may be embodied by various programming languages.Functional programs, codes, and code segments for accomplishing theexemplary embodiments can be easily construed by programmers of ordinaryskill in the art to which the exemplary embodiments pertain.

Examples of the computer readable recording medium include read-onlymemory (ROM), random-access memory (RAM), CD-ROMs, magnetic tapes,floppy disks, optical data storage devices, solid state drives (SSD),flash memories, and so on. The computer readable recording medium canalso be distributed over network coupled computer systems so that thecomputer readable code is stored and executed in a distributed fashion.

While exemplary embodiments have been particularly shown and described,it will be understood by those of ordinary skill in the art that variouschanges in form and details may be made therein without departing fromthe spirit and scope of the inventive concept as defined by thefollowing claims.

What is claimed is:
 1. A computing system comprising: a plurality ofprocessors comprising a first processor and a second processor, theplurality of processors implemented as hardware and configured toencrypt a predetermined region of a payload and decrypt the encryptedpredetermined region of the payload based on first information andsecond information, using a first protection technology; a memory thatis shared by the first processor and the second processor to exchangedata between the first processor and the second processor; and a firstcontrol circuitry configured to generate the first informationindicating the predetermined region, of the payload, that is to beencrypted or decrypted using the first protection technology, togenerate the second information indicating a position of a region, ofthe payload, in which encryption or decryption is not to be performed,to identify the predetermined region of the payload, to which theencryption or the decryption is to be applied using the first protectiontechnology, based on the first information, to identify the region ofthe payload, to which the encryption or the decryption is not to beapplied, based on the second information, to control the first processorto re-encrypt decrypted data using the first protection technology, torecord the re-encrypted data in the memory and to transmit there-encrypted data from the first processor to the second processorthrough the memory, wherein the plurality of processors comprise: asecurity circuitry which decrypts data that is encrypted by an externaldevice using a second protection technology; and a display controlcircuitry which controls display of data, wherein the first controlcircuitry controls the memory to record the data that is encrypted usingthe second protection technology, controls the security circuitry toread and decrypt the data that is encrypted using the second protectiontechnology and encrypt and record the decrypted data using the firstprotection technology, and controls the display control circuitry toread and decrypt the data that is encrypted using the first protectiontechnology.
 2. The computing system of claim 1, wherein each of theplurality of processors is configured to read and decrypt encrypted dataand to use the decrypted data.
 3. The computing system of claim 2,wherein the plurality of processors share the first protectiontechnology for encrypting and decrypting data that is exchanged betweenthe plurality of processors.
 4. The computing system of claim 3, whereinthe first control circuitry generates a data structure comprising aheader and the payload, which are defined according to the firstprotection technology.
 5. The computing system of claim 4, wherein theheader comprises the first information indicating the predeterminedregion, of the payload, that is to be encrypted or decrypted using thefirst protection technology.
 6. The computing system of claim 4, whereinthe second protection technology comprises digital rights management(DRM).
 7. The computing system of claim 1, wherein the display controlcircuitry is further configured to controller comprises: encode anddecode data; and render the data, wherein the first control circuitrycontrols to read and decrypt data that is encrypted using the firstprotection technology, and to re-encrypt and record the decrypted datausing the first protection technology, and controls the to re-decryptthe re-encrypted data using the first protection technology, to renderthe re-decrypted data, and to output the rendered data on a display. 8.The computing system of claim 1, wherein the computing system comprisesat least one of a digital television (DTV), a smart phone, a blue raydisc (BD), and a digital set top box (STB).
 9. A method of operating acomputing system, the method comprising: generating first informationindicating a predetermined region, of a payload, that is to be encryptedor decrypted using a first protection technology, and generating secondinformation indicating a position of a region, of the payload, in whichencryption or decryption is not to be performed; identifying thepredetermined region of the payload, to which the encryption or thedecryption is to be applied using the first protection technology, basedon the first information; identifying the region of the payload, towhich the encryption or the decryption is not to be applied, based onthe second information; re-encrypting decrypted data to exchange databetween a plurality of components of the computing system, the pluralityof components sharing a memory of the computing system; recording there-encrypted data in the memory using the first protection technology;transmitting the re-encrypted data from a first component to a secondcomponent among the plurality of components through the memory; andreading and decrypting the data that is encrypted using the firstprotection technology, wherein the recording the encrypted datacomprises recording data that is encrypted by an external device using asecond protection technology, wherein the reading and decrypting theencrypted data comprises reading and decrypting the data that isencrypted using the second protection technology, wherein there-encrypting the decrypted data comprises encrypting the decrypted datausing the first protection technology, and wherein the recording there-encrypted data comprises recording the data that is re-encryptedusing the first protection technology in the memory.
 10. The method ofclaim 9, further comprising: reading and decrypting encrypted data; andusing the decrypted data.
 11. The method of claim 10, wherein theplurality of components share the first protection technology forencrypting and decrypting data that is exchanged between the pluralityof components.
 12. The method of claim 11, further comprising:generating a data structure comprising a header and the payload, whereinthe data structure is defined according to the first protectiontechnology.
 13. The method of claim 12, wherein the header comprises thefirst information indicating the predetermined region, of the payload,that is to be encrypted or decrypted using the first protectiontechnology.
 14. The method of claim 12, wherein the second protectiontechnology comprises digital rights management (DRM).
 15. A method ofoperating a computing system, the method comprising: generating, at aprocessor of the computing system, first information indicating apredetermined region, of a payload, that is to be encrypted or decryptedusing a first protection technology, and generating second informationindicating a position of a region, of the payload, in which encryptionor decryption is not to be performed; identifying the predeterminedregion of the payload, to which the encryption or the decryption is tobe applied using the first protection technology, based on the firstinformation; identifying the region of the payload, to which theencryption or the decryption is not to be applied, based on the secondinformation; receiving, at the processor of the computing system, secondencrypted data which is encrypted according to a second protectiontechnology; decrypting, at the processor of the computing system, thereceived second encrypted data to generate second unencrypted data;re-encrypting, at the processor of the computing system, the secondunencrypted data according to the first protection technology togenerate first re-encrypted data; recording, at the processor of thecomputing system, the first re-encrypted data in a memory; transmittingthe first re-encrypted data from a first component to a second componentamong a plurality of components of the processor, through the memory;receiving, at the processor of the computing system, the firstre-encrypted data and decrypting the first re-encrypted data accordingto the first protection technology to generate first un-encrypted data;and rendering, at the processor of the computing system, the firstun-encrypted data, wherein the receiving the first re-encrypted data anddecrypting the first re-encrypted data according to the first protectiontechnology to generate the first un-encrypted data comprises receivingthe first re-encrypted data at a graphics processing unit or and audioprocessing unit; and decrypting the first re-encrypted data at thegraphics processing unit or the audio processing unit.
 16. The method ofclaim 15, wherein the re-encrypting the second unencrypted dataaccording to the first protection technology to generate the firstre-encrypted data further comprises: generating a data structurecomprising a header and the payload, wherein the data structure isadapted according to the first protection technology.
 17. The method ofclaim 16, wherein the header comprises the first information indicatingthe predetermined region, of the payload, that is to be encrypted ordecrypted using the first protection technology.
 18. The method of claim15, wherein the second protection technology comprises digital rightsmanagement.